Confidentiality agreement for a specification

Question

We agreed some time ago that a company produce a specification for a piece of internal software. Until they produce the spec, we won't agree to the contract for the implementation.

They have sent us a confidentiality agreement to sign, covering the "program specification".

I have a few questions:

• Is this normal practice?
• Since the document is based largely on information that is ours (working practices, our requirements), how do I ensure our rights on this information are not restricted. The document states if "[we] can establish by reasonable proof" that we already had the information, it's excluded. I don't like the burden of proof here.
• They have put a 5 year expiry on the agreement, is this the normal period?

Is there anything in particular I should check for?

EDIT

I should probably have said that my inclination would be to pass it to a lawyer, but we're a small company and it isn't my decision. I'm looking for specific points a) in case you think we should just reject this (in which case no need for a lawyer) b) as a way to persuade my boss to take it to a lawyer and possibly provide a basis for early negotiations.

Also, there are non-legal aspects to this.

Answer 1

Sounds like you need to speak to a lawyer. Get some professional advice on the contract.

Answer 2

Not many people on SO will be qualified lawyers, and those that are would tend to charge a fee instead of going pro-bono on it, so this is not the best place to get legal advice.

Personally, I can see why the company is doing it - to prevent you taking their designs and innovation in solving the business problem - and farming it out to a cheap coding shop.

Use your company legal dept / local lawyer would be best next step.

Answer 3

Yep, it's normal (and the 5 year term), but that doesn't always mean it's appropriate. Sounds like the NDA is drafted in conventional terms so I suspect you will actually get the protection you need from the exclusions to the restrictions. Shouldn't be too hard to meet the burden of proof because you probably have emails originating from you which show the info you provided.

If the content really is mostly yours, why not just ask them to identify more specifically what it is they want to protect. Even if you don't get the agreement changed, the reply to your question might be useful to have on file if you later find you are on the receiving end of a complaint.

As with most legal docs, it's pretty easy to imagine all sorts of dread scenarios. All I can see is that I don't remember seeing anyone actually come unstuck with an NDA in the absence of a clear abuse. Mind you, I don't live in the US!

Of course, the risk of trying to give pragmatic advice is that you could be the unlucky soul who meets a litigation warrior.

Answer 4

Not sure if this question is still live--anyway, i just saw it so i'll assume it is.

I think your discomfort is well-grounded. A minute or two of theory might help before discussing what to do next. Based on the provisions you've read to me, the draft Agreement co-mingles two distinct (but related) concepts of intellectual property law: (i) ownership (of the intellectual property; and (ii) access/control of the physical article that embodies it.

An example: you go to Barnes & Noble and buy the novel "Snow Crash" by Neil Stephenson. Do you own that book? Sure. Does the purchase grant you unrestricted access (control) to that book? Of course. Can you move to Hollywood, write a screenplay based on the book, and sell it to a studio for millions? No.

The answers are different because different legal rubrics are involved. My point here is that ownership (of the intellectual property) and access (to the physical article, or the "implementation" of the IP, as it were) are not the same, and having a right to one doesn't (necessarily) confer a right to the other.

How's this relevant to your question? Well, the company that created the Spec is obviously worried about a single specific scenario: you receive their Spec, read it carefully, tell them "no thanks" then send the spec to your in-house developers or a cheaper outside vendor, who then develop the product described in the Spec. (I am not even remotely implying you would do that--just saying that's what they fear.)

Now, the key point is that this quite justifiable fear can be completely ameliorated by an Agreement that relates solely to access/control--it (usually) need not bother with (IP) ownership. (This is obvious the more you think about it--the purpose of the Agreement is to restrict what you can do with the Spec; it is not an IP license.) For example, one provision might forbid you from disclosing any portion of that Spec to anyone outside your own company for any reason (subject to the usual boilerplate, e.g., unless they breach the contract and you have to find another outfit to complete the work, etc.) A second provision might prevent you from disclosing the Spec to anyone within your company, prior to execution of a production contract, unless that person is necessary for evaluation of the Spec. (You mentioned your firm is small, so this moght not work, but you get the idea.) Finally, a reasonable and fair NDA might have a provision which forbids you from making any copies, in whole or in part, whether digital or otherwise, etc., etc. and upon evaluation of the Spec, you must return the all (numbered) copies to the company that created it. (Obviously all of these can be circumvented, but they work together, plus, developers are perhaps the most ethical group of people i know--if they see a label on a document that says "DO NOT COPY"--i don't think they will.)

So where does this leave us? Well, we haven't discussed "ownership" (of the IP). The reason we haven't discussed it is because it isn't necessary to provide the protection the other Company actually seeks. So, i don't think that provisions like "if [we] can establish by reasonable proof...." belong in a document of this sort--granted, they are often (usually) there, but they shouldn't be. Another reason IP ownership provisions should not be in the Agreement is that (and this is the source of your concern i suspect) the IP embodied in the Spec does not belong exclusively and completely to the other company, and clearly they know that. What belonged to you before you ever saw that Spec should not suddenly become theirs unless you can supply reasonable proof that you own it--that's absurd.

In sum, you might consider giving them protection against the risk they fear--but that doesn't mean you need to sign that document they've given you. My point is that an Agreement with provisions relating solely to access and control of the physical article (as in the preceding paragraph) is often sufficient to provide that protection.